[Python-checkins] [3.11] gh-102281: Fix potential nullptr dereference + use of uninitia… (#103040)

hauntsaninja webhook-mailer at python.org
Sat Mar 25 19:35:07 EDT 2023 

https://github.com/python/cpython/commit/b28f919007439b48a1d00d54134d7b020a683cda
commit: b28f919007439b48a1d00d54134d7b020a683cda
branch: 3.11
author: Max Bachmann <kontakt at maxbachmann.de>
committer: hauntsaninja <12621235+hauntsaninja at users.noreply.github.com>
date: 2023-03-25T16:35:00-07:00
summary:

[3.11] gh-102281: Fix potential nullptr dereference + use of uninitia… (#103040)

[3.11] gh-102281: Fix potential nullptr dereference + use of uninitialized memory (gh-102282)
(cherry picked from commit afa6092ee4260bacf7bc11905466e4c3f8556cbb)

files:
A Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst
M Modules/getpath.c
M Python/fileutils.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst b/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst
new file mode 100644
index 000000000000..b0269dd3d92b
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst	
@@ -0,0 +1 @@
+Fix potential nullptr dereference and use of uninitialized memory in fileutils. Patch by Max Bachmann.
diff --git a/Modules/getpath.c b/Modules/getpath.c
index ceacf36d8968..bc730fcd7dc7 100644
--- a/Modules/getpath.c
+++ b/Modules/getpath.c
@@ -452,7 +452,10 @@ getpath_realpath(PyObject *Py_UNUSED(self) , PyObject *args)
             if (s) {
                 *s = L'\0';
             }
-            path2 = _Py_normpath(_Py_join_relfile(path, resolved), -1);
+            path2 = _Py_join_relfile(path, resolved);
+            if (path2) {
+                path2 = _Py_normpath(path2, -1);
+            }
             PyMem_RawFree((void *)path);
             path = path2;
         }
diff --git a/Python/fileutils.c b/Python/fileutils.c
index 27924261f439..c86ed40b1993 100644
--- a/Python/fileutils.c
+++ b/Python/fileutils.c
@@ -2142,7 +2142,10 @@ _Py_join_relfile(const wchar_t *dirname, const wchar_t *relfile)
     }
     assert(wcslen(dirname) < MAXPATHLEN);
     assert(wcslen(relfile) < MAXPATHLEN - wcslen(dirname));
-    join_relfile(filename, bufsize, dirname, relfile);
+    if (join_relfile(filename, bufsize, dirname, relfile) < 0) {
+        PyMem_RawFree(filename);
+        return NULL;
+    }
     return filename;
 }
 
@@ -2180,6 +2183,7 @@ _Py_find_basename(const wchar_t *filename)
 wchar_t *
 _Py_normpath(wchar_t *path, Py_ssize_t size)
 {
+    assert(path != NULL);
     if (!path[0] || size == 0) {
         return path;
     }

More information about the Python-checkins mailing list